May 2018 Archives

Thu May 31 16:18:27 EEST 2018

joke 2018-05-31

Mon May 28 13:55:32 EEST 2018

Stories from the past: the qmail-smtpd on freebsd exploit
The qmail smtpd exploit on freebsd is probably the most braggable
of my exploits. The advisory is at [1] and is rather short.
I don't remember whether it is so because of "if it was hard to write, it must be
hard to understand".
I don't like this exploit much, the *BSD kernel stuff is better IMHO.
The provably exploitable part of the advisory is:
---
char *p;
int i; /*XXX signed int*/
...
p[i]=0;
---
In case $i$ is negative, this is an out-of-bounds write. It is not
integer overflow, more like memory corruption.
The process of discovery was rational [^2] dirty labour:
1. analyze
2. test
3. in case of failure (almost surely it fails) repeat
4. return SUCCESS
The process took _long_. I temporarily gave up several times, until I
pressed the lucky keys.
Exploitability required about 20GB of virtual memory.
djb basically replied: "This is not a bug, this is a feature. Nobody gives so
much virtual memory to qmail".
The strongest counterclaims to djb's answer are:
1. The installation instructions don't mention limits
2. In the future libc alone can become larger than the limits
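To make the quoted pattern concrete, here is an added illustration in C. It is not code from the advisory or from qmail; the function and buffer names are invented for the example. It shows the unchecked `p[i]=0` beside a checked version that refuses negative or too-large indices, and a helper that reports when a byte count is too big to survive being stored in an int (one common way a signed index ends up negative; whether that is how the qmail case arose is not claimed here). The demonstration places the "buffer" inside a larger arena so the effect of the negative-index write can be observed without undefined behaviour; in real code the bytes before p belong to something else entirely.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not qmail's code. Names are assumptions for illustration.
 * The advisory's pattern:    char *p; int i;  ...  p[i] = 0;            */

/* Vulnerable shape: trusts the signed index. With i < 0 this writes
 * before the start of p; with i >= the buffer size it writes past it. */
static void terminate_unchecked(char *p, int i)
{
    p[i] = 0;
}

/* Hardened shape: a negative index and an index at or past the capacity
 * are both rejected. Returns false instead of writing out of bounds. */
static bool terminate_checked(char *p, size_t cap, int i)
{
    if (i < 0 || (size_t)i >= cap)
        return false;
    p[i] = 0;
    return true;
}

/* A byte count that does not fit in an int cannot be stored in one without
 * changing value (narrowing is implementation-defined; on the usual
 * two's-complement ABIs it comes out negative). Check before narrowing. */
static bool index_would_go_negative(size_t len)
{
    return len > (size_t)INT_MAX;
}

#define ARENA  128          /* enclosing object we can legally inspect */
#define OFFSET 64           /* p = arena + OFFSET, so p[-1] is arena[63] */

/* Runs the unchecked write with i = -1 and returns the byte that sat just
 * before p. 'A' (65) means untouched; 0 means the write clobbered it. */
static int demo_unchecked_clobbers_byte_before_p(void)
{
    char arena[ARENA];
    memset(arena, 'A', sizeof arena);
    char *p = arena + OFFSET;
    terminate_unchecked(p, -1);          /* lands on arena[OFFSET - 1] */
    return arena[OFFSET - 1];
}

/* Runs the checked write for index i against a buffer of ARENA - OFFSET
 * bytes. Returns 1 if the write was performed in bounds and nothing
 * outside the buffer changed, 0 if the index was refused. */
static int demo_checked(int i)
{
    char arena[ARENA];
    memset(arena, 'A', sizeof arena);
    char *p = arena + OFFSET;
    bool ok = terminate_checked(p, ARENA - OFFSET, i);
    if (!ok)
        return 0;
    /* byte before p must still be the sentinel */
    return arena[OFFSET - 1] == 'A';
}

int main(void)
{
    printf("unchecked p[-1]=0 left byte before p = %d (0 means clobbered)\n",
           demo_unchecked_clobbers_byte_before_p());
    printf("checked i=-1 -> %d, i=64 -> %d, i=63 -> %d (1 means written in bounds)\n",
           demo_checked(-1), demo_checked(64), demo_checked(63));
    printf("len INT_MAX+1 would go negative as int: %d\n",
           index_would_go_negative((size_t)INT_MAX + 1));
    return 0;
}
```

The capacity passed to `terminate_checked` is the thing the original fragment has no access to; the practical fix is to carry the length as `size_t` next to the pointer and test it on every write, not to hope the process never sees a buffer large enough for the index to wrap.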
[1] http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html
[^2]: in math irrational and transcendental stuff are more interesting
than rational stuff.

Tue May 15 14:41:04 EEST 2018

Open letter to HRs

Hi HR,
You are a proxy recruiter, right?
Assuming so, I appear to be the "product".
Here is a brief summary of the product: I was active in security in the period
1997-2007, mainly disclosing my 0days. Per my estimate I was in the top 3%
overall of the public hacking scene (this might be far off in both
directions).
During roughly this time I was an independent security consultant for Netscape/Mozilla,
mainly pre-0days and advice for the Firefox browser.
Then I went on a vacation, mainly enjoying life and doing
experimental mathematics as a hobby.
I am considering a return to the IT stuff.
Some of the things I DO NOT do currently:
1. 0days (AKA security bug hunting)
2. working with Microsoft products (I don't like MS).
3. relocation from Sofia, Bulgaria (it is in the EU).
Some of the things I would like to do (not all applicable for you):
1. Experimental mathematics/data analysis
2. Software quality assurance (QA)
3. Hardening systems
4. Privacy research
5. Some security research without 0days
6. Possibly software development
7. Possibly security consulting
In all the non-trivial stuff I have done I am self-taught; education
didn't help much.
CV: http://j.ludost.net/resumegg.pdf
Georgi Guninski